ajcctech, LLC... Licensed and Insured... information technology professionals in business since 1999
Updated 11/17/2006
Listen to Adam on the TechGuy "AM 640KFI" with Leo Laporte 07-02-2005 3rd Hour - un-edited version
New Windows tips, tweaks / tools & downloads
11/17/2006: I have not updated this page for a while, but I am still here! Latest releases from Microsoft: Windows Vista, Office 2007, and the Zune Player:
I have done some nominal testing with Windows Vista RC2 Ultimate and it has a real nice feel and look running the Aero Glass theme. I did run into an issue with getting my printer driver for an old legacy Xerox MFC printer and an older Creative Audigy sound card. I think users should wait a little longer to upgrade to this version of Windows, as there will be expected issues over the next several months while software developers may be running behind with patches, drivers and updates for proper functionality of hardware and software applications. For some home users it may be okay, but for power users and business users I think it is a little premature to do the upgrade right now. I would recommend waiting a few more months. For those that want to do the upgrade, be sure to check with all the hardware manufacturers for your equipment for compatibility. You will also need to do this for all the different software or applications that you run. Other than that, sure, go ahead. We are always happy to assist with this, so don't hesitate to call us. One more thing: if you do want to run Vista, we recommend doing a fresh install instead of an upgrade. Back up all your data first and make sure you have all the required application installation CDs and product keys prior to installing Vista. Don't forget to make sure your system meets the minimum hardware requirements: Pentium 4 or Celeron 2.4 GHz CPU, 512 MB RAM, 40 GB hard drive. This is my view of the minimum requirements only; you could go less, but it would run very sluggishly.
As far as the Zune player, I have heard that there are several Digital Rights Management (DRM) issues, and that you can only download songs from Microsoft or import them from your library. I could be wrong on this, as I am still slowly researching it as time is available. I do hear good things as far as its appearance, large screen, aesthetics, navigation and overall feel. But I have also heard of too many limitations and restrictions as far as downloading or transferring music from other paid and non-paid sources. I will update you on this as I find out more.
Office 2007: I am testing it and have no comments on this just yet.
11/04/2005: Stealth virus and spyware technology known as Rootkits:
Now I finally understand why some spyware is so difficult to get rid of, and why in a lot of cases the system must be reloaded. This explains the complexity involved with the removal of malware, spyware, adware, whatever you call this malicious pest-like software. Well, let me tell you, this is the most difficult nightmare to deal with on a customer computer. I can spend hours scanning, manually investigating and cleaning each issue. It is ridiculous! It is much cheaper to just back up the data and reload the system. But here is the problem. Some customers do not have all the original software disks to re-install the system. Not to mention, we encounter from time to time those types of customers who don't want the system reloaded; they want everything exactly the way it is, except for the virus and spyware problems to be gone. Rootkits are the latest discovery in spyware technology. I actually believe this technology has been around for probably a year or two even, but is just now being investigated at this core level, which will be explained if you read on. I will tell you briefly in my own words and understanding, which may not be totally correct, so I will then provide you with some links to other sites I trust for more information.
Today I started playing with some rootkit removal utilities. The first one I have tried is "Black Light" from F-Secure, the developers of the F-Prot Antivirus. I had a system in our office that appeared to be infected with some common viruses and spyware. We performed our normal procedures for cleanup in Safe Mode, removing temp files, and disabling unknown services and applications using MSCONFIG. We then scanned the machine using MS Antispyware and AdawareSE 1.06 and removed all items found. Then I ran the Black Light rootkit removal utility and found many items. The files had "$" signs in front of them and as part of the name. This is to make the files invisible to a user when searching directories, even if "view hidden files and folders" is turned on. So you then have the option to rename the files, and I did. Then I selected the option to fix the items found, and it was successful. I then scanned it again with Black Light and it came up clean. So, just to be safe, I performed a deep file scan with AdawareSE 1.06. Over 65 items were found. So then I removed those items and the system would not boot. Not in Safe Mode or Normal Mode. I had to completely reload the system. No data was lost, as I backed it up prior to performing this operation. And even if I had not, the data was still there of course, but the operating system was hosed.
Here are some links to articles and podcasts regarding rootkits:
Credit information from Sysinternals.com
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, spyware, and trojans, attempt to hide their presence from spyware blockers, antivirus, and system management utilities. There are several rootkit classifications depending on whether the malware survives reboot and whether it executes in user mode or kernel mode.
Persistent Rootkits
A persistent rootkit is one associated with malware that activates each time the system boots. Because such malware contain code that must be executed automatically each system start or when a user logs in, they must store code in a persistent store, such as the Registry or file system, and configure a method by which the code executes without user intervention.
Memory-Based Rootkits
Memory-based rootkits are malware that has no persistent code and therefore does not survive a reboot.
User-mode Rootkits
There are many methods by which rootkits attempt to evade detection. For example, a user-mode rootkit might intercept all calls to the Windows FindFirstFile/FindNextFile APIs, which are used by file system exploration utilities, including Explorer and the command prompt, to enumerate the contents of file system directories. When an application performs a directory listing that would otherwise return results that contain entries identifying the files associated with the rootkit, the rootkit intercepts and modifies the output to remove the entries.
The Windows native API serves as the interface between user-mode clients and kernel-mode services and more sophisticated user-mode rootkits intercept file system, Registry, and process enumeration functions of the Native API. This prevents their detection by scanners that compare the results of a Windows API enumeration with that returned by a native API enumeration.
Kernel-mode Rootkits
Kernel-mode rootkits can be even more powerful since, not only can they intercept the native API in kernel-mode, but they can also directly manipulate kernel-mode data structures. A common technique for hiding the presence of a malware process is to remove the process from the kernel's list of active processes. Since process management APIs rely on the contents of the list, the malware process will not display in process management tools like Task Manager or Process Explorer.
For more information visit: http://www.sysinternals.com/utilities/rootkitrevealer.html
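The Sysinternals excerpt above describes both the hiding tricks (filtering FindFirstFile/FindNextFile output, unlinking a process from the active-process list) and the detection idea that RootkitRevealer-style scanners use against them: enumerate the same objects through two independent paths and flag whatever one path returns and the other does not. The following is an added Python simulation of that cross-view comparison; it is not Sysinternals', F-Secure's, or this page's code, and every file name, PID and the NTFS metadata list in it is a constructed assumption.

```python
"""Cross-view rootkit detection, simulated.

The "hooked" views stand in for a user-mode rootkit filtering Win32 directory
listings and a kernel-mode rootkit unlinking its process (DKOM); the
"low-level" views stand in for a native-API / on-disk walk and a PID sweep.
All data here is constructed sample data, not taken from a real system.
"""
from dataclasses import dataclass

# Win32 directory enumeration never lists NTFS metadata files, so a lower-level
# view legitimately shows entries the API does not. A real scanner must know
# such benign gaps or it will cry wolf. Constructed subset, not exhaustive.
NTFS_METADATA = {"$MFT", "$LogFile", "$Bitmap"}


@dataclass(frozen=True)
class Discrepancy:
    kind: str      # "file" or "process"
    name: str
    verdict: str   # "hidden-from-api", "transient", or "benign"


def win32_dir_listing(on_disk):
    """Unhooked API view: everything on disk except NTFS metadata files."""
    return [n for n in on_disk if n not in NTFS_METADATA]


def hooked_dir_listing(on_disk, hidden_prefix):
    """API view through a user-mode hook that also drops a chosen prefix."""
    return [n for n in win32_dir_listing(on_disk) if not n.startswith(hidden_prefix)]


def native_dir_listing(on_disk):
    """Low-level view: what a native-API / raw volume walk returns."""
    return list(on_disk)


def task_manager_view(process_table, unlinked):
    """High-level view: walking the active-process list after DKOM unlinking."""
    return [pid for pid in process_table if pid not in unlinked]


def pid_sweep(process_table):
    """Low-level view: probe every PID; an unlinked process still answers."""
    return list(process_table)


def cross_view(kind, high_level, low_level, benign=frozenset()):
    """Diff two views of the same objects.

    Present at the low level but absent from the API view is the rootkit
    signature (unless known benign); present only in the API view usually
    means the object appeared between the two scans (transient).
    """
    high, low = set(high_level), set(low_level)
    findings = []
    for name in sorted(high ^ low, key=str):
        if name in low and name not in high:
            verdict = "benign" if name in benign else "hidden-from-api"
        else:
            verdict = "transient"
        findings.append(Discrepancy(kind, str(name), verdict))
    return findings


def suspicious(findings):
    """Only entries hidden from the API view are worth acting on."""
    return [f for f in findings if f.verdict == "hidden-from-api"]


def demo():
    """Constructed volume and process table: the rootkit hides files whose
    names start with '$hidden$' and unlinks PID 1337."""
    on_disk = ["$MFT", "$LogFile", "$Bitmap", "ntoskrnl.exe", "notepad.exe",
               "$hidden$drv.sys", "$hidden$svc.exe"]
    # tmp12.tmp is created after the low-level scan ran: a transient, not a hide.
    high = hooked_dir_listing(on_disk, "$hidden$") + ["tmp12.tmp"]
    low = native_dir_listing(on_disk)
    files = cross_view("file", high, low, NTFS_METADATA)

    procs = [4, 512, 1337, 2048]
    processes = cross_view("process", task_manager_view(procs, {1337}), pid_sweep(procs))
    return files + processes


if __name__ == "__main__":
    for f in demo():
        print(f"{f.kind:8} {f.name:18} {f.verdict}")
```

The benign and transient verdicts are the part a practitioner actually needs: a raw diff of the two views alone produces noise on every healthy NTFS volume and on any file created between the two passes.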
Credit information from F-Secure.com
What is a rootkit?
The term rootkit is very old and dates back to the days when UNIX ruled the world. Rootkits for the UNIX operating system were typically used to elevate the privileges of a user to the root level (=administrator). This explains the name of this category of tools.
Rootkits for Windows work in a different way and are typically used to hide malicious software from, for example, an antivirus scanner. Rootkits are typically not malicious by themselves but are used for malicious purposes by viruses, worms, backdoors and spyware. A virus combined with a rootkit produces what was known as full stealth viruses in the MS-DOS environment.
How dangerous is a rootkit?
The rootkit itself does typically not cause deliberate damage. Its purpose is to hide software. But rootkits are used to hide malicious code. A virus, worm, backdoor or spyware program could remain active and undetected in a system for a long time if it uses a rootkit.
The malware may remain undetected even if the computer is protected with state-of-the-art antivirus. And the antivirus can't remove something that it can't see. The threat from modern malware combined with rootkits is very similar to full stealth viruses that caused a lot of headache during the MS-DOS era. All this makes rootkits a significant threat.
How common is the problem?
There are currently several spyware programs and viruses that use rootkits to hide. There are also a couple of publicly reported intrusions where rootkits have been used (for example the theft of the Half-Life 2 source code).
Rootkits are already quite common in spyware programs but not as common in viruses. There is clear evidence that rootkits are a technique that works in practice. But the actual threat is still small compared to the potential of this technique.
What malware uses rootkit techniques?
First of all, "real" rootkits such as Hacker Defender and FU, of course. Then some spyware/adware programs such as EliteToolbar, ProAgent, and Probot SE. Some Trojans such as Berbew/Padodor and Feutel/Hupigon, and also some worms e.g. Myfip.h and the Maslan-family.
Shouldn't antivirus detect rootkits before they go into hiding?
Yes, and in some cases it will. However, rootkits are usually distributed in source code and that means a hacker can modify the rootkit until antivirus products no longer detect it. In fact, many rootkit and Trojan authors sell "undetection service" to their "customers". This means that for a certain amount of money they guarantee that the rootkit binary they sell is not at that point detected by any antivirus vendors. There are also some other features in modern antivirus products that may detect rootkits. For example F-Secure Internet Security 2005 has a feature we call "Manipulation Control". It is a behavioral blocking mechanism that prevents malicious processes from manipulating other processes. This will prevent the activation of some rootkits, but not all.
What's the forecast for rootkits?
Rootkits are already quite common in the spyware field and they are becoming more commonly used among virus authors as well. Virus writers of today are becoming more professional and have a business purpose for their activities. They certainly have the skills and motivation to implement the added complexity that rootkits introduce in a virus or worm.
Rootkits can make hidden backdoors or spam-relays in infected computers useful for a much longer time. There is reason to believe that the use of rootkits will increase in the future.
Visit F-Secure and their info on this at: http://www.f-secure.com/blacklight/rootkit.shtml
Trojans, Viruses, Worms and Spyware, an informative discussion and collection of data from adamjudis.com and other trusted sources.
If you take the time to read this article, it can save you a lot of time, money and headaches... this probably applies to you!
Trojans, Viruses, and Worms -- They are not all the same, but can deliver a whopping payload of all three especially for users of Microsoft products. Spyware will be discussed later in this article.
What is a computer virus? The first thing you will notice immediately is that the system is running very sluggishly and may freeze, not respond to your commands, or show a lot of pop-up ads in Microsoft Internet Explorer. In some cases these pop-up ads are so frequent that you are unable to browse the internet. This is extremely common and should not be taken lightly. The biggest problem with this is not that the system is running slow, but that any data or information on your computer is compromised, meaning that someone else may have sensitive or personal information that belongs to you. The most common types of viruses are Trojans, Worms and Viruses, which are all different; a single package you download or execute without your knowledge may contain all three of these components. Please read on, as I will describe these different forms of attacks.
Viruses
Viruses are computer programs with the sole purpose of destroying data and software on your computer. For example, the virus may only destroy unimportant files, or it may be designed or programmed to erase all of your documents, programs and/or other important files. A virus can cause an infected computer to do funny things, do things on certain dates, or issue serious commands such as erasing or modifying the system Registry, causing the system to fail the boot-up process. A compromised computer affects other computers on your local network and can cause a lot of local and wide area network traffic and harm system reliability. Bottom line is, new viruses come out every day; there is no telling what malicious programmers will come up with next, as they seem to always be one step ahead. Because Microsoft is the most commonly used computer operating system, along with their applications or software, their products are also the most targeted ones for attack. If you are proactive in maintaining your computing habits and performing regular security measures, this will minimize your computer related expenses or losses.
Sometimes a virus will only do things to annoy you, but usually it will damage the operating system or application software on your system. Computer hardware does not get damaged from viruses, but in most cases the loss of data or information on your system is much more expensive to replace than the computer hardware itself.
Viruses are spread through executable files or programs we either get from friends, download off the internet like free games, or install using a CD or floppy disk. A virus will often come disguised under the cloak of a Trojan, which is the carrier for the virus. Our team of computer experts can quickly and easily recognize this type of activity. If you are even slightly suspicious of the performance of your system, then you should do something about it immediately. Don't wait; call us for a consultation, as the first 10 minutes are free of charge.
Trojans
A Trojan refers to a program that appears as something you may think is safe, but hidden inside is usually something harmful, probably a worm or a virus. The lure of Trojans is that you may download a joke, game, or picture, thinking it's harmless, but once you execute or run this file, the Trojan program leaves the infected computer open for hackers to gain access and install software, look at personal files, and use the computer for illegal purposes. Trojans usually infect computers through unpatched security holes in the Microsoft Windows operating system and Microsoft Internet Explorer.
Worms
Worms operate differently, as they can infect and replicate themselves throughout your system, which will then propagate them out over the internet, reproducing themselves in the same cycle.
Worms generally come through email, but computer users can also get infected if they accept a Trojan file which carries the payload of a worm. If you receive a worm program through email and then execute it, this program immediately sends the worm file out to all the contacts listed in your MS Outlook or Outlook Express email address book. If you work in a large company, this could mean hundreds of people propagating this virus out, causing endless spreading of the virus.
The recently witnessed world-wide problems of the "Love bug" are a perfect example of all of the above. It was a Trojan because it came disguised as a 'Love Letter' when really it was carrying a harmful program. It was a virus because, once executed, it infected files on your computer, turning them into new Trojans. It was a Worm because it propagated itself by sending itself out to everyone listed in your email address book or IRC client.
This is reality -- bad things are out there, disguised as good things, and you must use your computers safely and wisely. If you even slightly raise a question in your mind that it could be unsafe to open, just delete it immediately.
If you have any doubts about whether or not a warning you receive may be true or false, visit Symantec’s Antivirus Site at: http://securityresponse.symantec.com/. They list and describe over 80 of the most prevalent viruses and hoaxes circulating worldwide. You can also check this site for news, information and possible removal processes to eradicate viruses on your system.
The Best Defense
· Don’t use Internet Explorer for your regular web surfing. Use a different Web Browser like Firefox, Netscape, or Opera.
· When downloading files off the Internet, be sure it's from a reputable site.
· Never run or even look at files you receive through your email client from people you don't know. If you have any doubts at all, write the person back and ask for verification that they sent you a file, or better yet, just delete it. Some of the more recent viruses will send email with attachments to everyone listed in your email address book and then delete themselves, so you have no idea this just happened. This is particularly found with Microsoft Outlook Express users.
· Be aware, no antivirus program is 100% effective (due to the complexity of new viruses appearing every day), so you must use your common sense. This is what I preach: if it is free, don’t download it or use it, unless it is from a reputable or trusted source that you have verified. There are a few free antivirus programs, but I suggest you purchase one of the leading ones available like McAfee or Norton Antivirus, which we sell for about $45.00. It is a small price to pay considering what it costs to clean up an infected system, which can run as high as $300.00 to fix if data recovery is needed.
· Never click on links through Chat or IRC programs that come from someone you do not know.
· One more important step is to back up your important files regularly. Start today!! Do not wait until you are infected to do this. Most computers today using Microsoft products are infected with viruses and/or spyware while the common computer user is unaware of this. Scan your system with one of our on-line active virus scan utilities at the bottom of our home page at: www.adamjudis.com. Again, be sure to back up your data before running any of these utilities, as neither we nor the developers of the software can be liable for the loss of your data.
· Set yourself up for a regular time to update your anti-virus definitions, perform scans, and apply system security updates. And do it now! If you don't keep your computer up-to-date with the latest security updates, then you are leaving yourself vulnerable. With over 200 new viruses being reported each month, tomorrow is not the time to update. Call us today if you need assistance in maintaining your computer, as it will save you time and money in the long run.
Listen to the "Tech Guy", Leo Laporte's show on KFI640.com regarding viruses, aired 06-11-2005. Also visit http://www.leoville.com/ for more tech updates and solutions. "The Tech Guy" can be heard on the radio at KFI 640am or on the web at: www.kfi640am.com, click on the "Listen to KFI" link. 11am - 2pm Saturday and Sunday. The folks here at adamjudis.com recognize Leo Laporte as a fine technical solutions provider in the industry since ZDNet days through TechTV days, and currently with Call For Help in Canada and KFI640am "The Tech Guy" in California. The previous show "The Screen Savers" has been discontinued with the acquisition of TechTV by G4TV. Leo and former members of the "Screen Savers" have created a new group with a podcast called: This Week in Tech.
Spyware: What is Spyware?
You may know spyware by one of its many names: adware, spyware, malware, trackware, thiefware, snoopware, sneakware, etc. Spyware is ad-related software designed to track your web-surfing habits or information you submit to sites on the internet, and much more. Not only is this a problem for obvious reasons, but the software is usually poorly written, causing Microsoft Internet Explorer to be unstable.
Adware programs can do a wide range of things. Two of their main purposes are to collect data from your computer and report it back to the company, and to display popup windows of ads whether or not you are viewing websites at the time. These programs can get onto the computer any number of ways. The most common ways are as part of freeware programs such as file sharing programs, by displaying confusing dialog boxes on websites to trick people into clicking Yes to install them, or through security holes in Internet Explorer while you browse websites.
Because of its stealthy nature, most Internet users are more familiar with these symptoms of spyware infection:
Sluggish PC performance.
Heavily increased pop-up ads.
Unexplained homepage change, commonly referred to as a "Home Page Hijack".
Mysterious search results.
You probably already know what I am talking about because this is already happening to you. Read on....
For virtually everyone surfing the Internet, this is a nuisance, but if you do not detect this on your PC, it can lead to much more serious consequences like identity theft. Because of the threats that spyware poses, removal utilities installed on your PC are essential. Removal of spyware helps protect you from malicious attacks. Some of these utilities are offered free from the developers and the links can be found on www.adamjudis.com, but they are used at your own risk. Again, back up your data before installing and running any utilities, if your system is stable enough to do so. If a computer is seriously infected with spyware or viruses, this may cause the install to fail, causing more problems with your system. For further definition download this PDF: Spyware Definitions.pdf
Spyware facts:
Experts view spyware as a real threat to consumers and businesses. If you're online, you should be concerned about this. You may want to consider adding an anti-spyware program to your PC to remove spyware. Also very helpful, and usually enough to keep you from getting spyware, is using a browser other than Internet Explorer (which comes packaged with the Microsoft Windows operating system), like Firefox or Netscape. This is most unfortunate; although there are some ways to tighten the security of Internet Explorer, it is not always so easy for the average computer user to do so. The easiest way is to download and install an alternate web browser and only use Internet Explorer when you have to, for viewing a reputable website if alternative browsers are not supported by the specific web page.
Nine out of 10 PCs connected to the Internet are infected with spyware. (National Cyber Security Alliance, June 2003)
A recent spy audit report published by Earthlink and Webroot found an average of 26.5 spyware traces present on a given PC. In a six-month period, two million scans found 55 million pieces of spyware.
92% of corporate IT managers at companies with more than 100 employees claim they have a "major" spyware problem. (Web@Work Study, March 2004)
Spyware in the news:
"One of the biggest challenges a computer owner can face is getting rid of adware or spyware..." Reuters, Feb. 9, 2004
"Spyware is like adware, except that it has gone completely over to the dark side, scanning your hard drive for personal information or attempting to link your surfing habits to your name or email address." PC World, July 23, 2003
How does spyware find you?
Even if you're careful, you can pick up adware and other forms of spyware through normal Internet activities especially when using Microsoft Internet Explorer as your web browser.
Visit any media-supported website and you're bound to get a tracking cookie.
Share music, files or photos with other users.
Spyware, viruses, Trojans, etc. can get installed by simply mistyping the URL or website address you wish to visit. I have had this happen to me on several occasions.
Install software applications without completely reading license agreements.
Isn't spyware just another passing trend that will eventually fade away?
Unfortunately, no. Spyware and adware makers have found a viable financial model that supports continued activity, whether it's legal or not. Unlike most other Internet threats, such as viruses that are purely malicious in nature, malware creators profit enormously by selling information on your surfing habits, redirecting you to sites you didn't intend to visit, or by bombarding you with pop-up ads. Since it is almost impossible to find and stop the makers of adware, or reduce the lucrative financial opportunity, this trend is here to stay.
What can you do if you get spyware on your PC?
If you don't want it on your computer, you can try to remove spyware manually. However, adware removal is a difficult and complicated process for even the most experienced computer user. For the best spyware removal utilities, many consumers today are turning to anti-spyware software like AdawareSE, Spybot Search & Destroy, and Webroot Spy Sweeper. A spyware remover like this can detect spyware and safely remove the applications from your system in most cases, but not all. So be careful to back up your essential data before running these utilities, if your computer is running stable enough to do so. These utilities may be downloaded at www.adamjudis.com at the bottom of our home page. Again, back up your data before using them if you can. Use of any of these utilities is at your own risk, but they would not be on our site if we did not find them helpful for the most common computer spyware issues.
Eradicating Viruses and Spyware
Performing this is at your own risk; back up your data first if possible! Call us if you do not feel comfortable doing this.
Boot into Safe Mode with Network Support.
Turn off System Restore.
Open Windows Explorer and set it to view hidden files and folders.
Delete temporary files on system. There are temp folders for each user profile and the Windows/temp folder.
Delete temporary internet files for each user.
Update your antivirus software and scan the system and go to our website and run TrendMicro or Panda Virus Scan. We recommend running both Trend Micro and Panda. (Don't run both concurrently)
Call us for service if you are unable or not comfortable performing this procedure as it is risky.
Run MSCONFIG (for Windows XP, Win98, or ME) and remove suspicious services and startup items. Be very careful here. If system dependent items are removed, your system will not boot. For Windows 2000 you will have to run regedit to perform this task and go to the proper registry location. You can call us for this, as it is complicated for the common computer user.
Listen to: This Week in Tech
"TWIT" - This Week in Tech - Show #17 Submitted by Leo Laporte August 8th 2005
"TWIT" - This Week in Tech - Show #18 Submitted by Leo Laporte August 14 2005
"TWIT" - This Week in Tech - Show #21 Live from The Apple Store in downtown SF
"Twit Snips 08-24-2005" High bandwidth
"Twit Snips 08-24-2005" Lower bandwidth
Dvorak's Pile of Junk - High Bandwidth
Steve Gibson's spam filtering solution - 08-14-2005 High Bandwidth
New... Windows tips, tweaks & tools
Tips
Latest one from Leo on Call for Help
Shortcut to User Accounts in Control Panel.
Click "Start", "Run" and in the "Open" field type "control userpasswords2"
Daisy chaining wireless routers:
http://leoville.tv/radio/pmwiki.php/ShowNotes/Show177#toc11
Port Forwarding "Everything you want to know about Port Forwarding"
Recommended by G4TV, Leo Laporte on "Call for Help".
Link to "Port Forward.com".
Tweaks
Linksys WRT54G - Special guides to custom mods. (For techs only; do not open the link with IE, use Firefox or Netscape, as the site may have spyware): http://www.i-hacked.com/content/view/26/42/
Recent identified security issues:
Mozilla Firefox: See this link for information and how to manually perform a fix for this.
https://addons.mozilla.org/messages/307259.html
Security Tests
Security Test by GRC.com: ShieldsUP!
Speed Tests
Broadband Speed Tests SpeakEasy DSL Reports 2wire
Downloads
Safe Web Browser - Mozilla Firefox
Kerio Personal Firewall (for Win9x & Win2K)
Free Antivirus: Antivir
Excellent graphics viewer plus: Irfanview
Free graphics editor: Paint.net
Codec - Stands for "Compressor / Decompressor", used generally for audio and video. This utility can help you identify the proper codec to view your audio or video files. Use the Gspot Codec Information Appliance utility to identify your required codec.
File Recovery - Restoration: Recovers deleted files, even after emptying the Recycle Bin.
Tools
Aports.exe - Monitor what ports applications use (for Win2000/XP)
MSConfig.exe - Use for Windows2000... (Not needed for Win98, ME and XP)
Cleanup - Quickly cleans your system of temp files, freeing up lots of space quickly and easily.
Startup Manager - Alternate program for managing system startup applications and services.
Spyware / Virus Removal (Note: Boot in "Safe Mode" for best results)